In War and Peace: The Impact of World Politics on Software Ecosystems

@article{Kula2022InWA,
  title={In War and Peace: The Impact of World Politics on Software Ecosystems},
  author={Raula Gaikovina Kula and Christoph Treude},
  journal={ArXiv},
  year={2022},
  volume={abs/2208.01393}
}
Reliance on third-party libraries is now commonplace in contemporary software engineering. Being open source in nature, these libraries should advocate for a world where the freedoms and opportunities of open source software can be enjoyed by all. Yet, there is a growing concern related to maintainers using their influence to make political stances (i.e., referred to as protestware). In this paper, we reflect on the impact of world politics on software ecosystems, especially in the context of the…

References

Is Surprisal in Issue Trackers Actionable?

TLDR
This study will propose a new method for unusual event detection in software repositories using surprisal by extracting the issues and pull requests from 5000 of the most popular software repositories on GitHub and training a language model to represent these issues.

What are the characteristics of highly-selected packages? A case study on the npm ecosystem

TLDR
A mixed qualitative and quantitative analysis to understand how developers identify and select relevant open source packages showed that highly-selected packages tend to be correlated with the number of downloads, stars, and how large the package's readme is, which can be used when deciding which packages to select.

What are Weak Links in the npm Supply Chain?

TLDR
The metadata of 1.63 million JavaScript npm packages was analyzed and six signals of security weaknesses in a software supply chain, such as the presence of install scripts, maintainer accounts associated with an expired email domain, and inactive packages with inactive maintainers were proposed.

What Makes a Great Maintainer of Open Source Projects?

TLDR
This paper conducted 33 semi-structured interviews with well-experienced maintainers that are the gatekeepers of notable projects and created a conceptual framework to explain how these attributes are connected and noted that "technical excellence" and "communication" are the most recurring attributes.

Why reinventing the wheels? An empirical study on library reuse and re-implementation

TLDR
This work investigated the reasons behind library reuse and re-implementation and provided a few suggestions to improve the current library recommendation systems: tailored recommendation according to users' preferences, detection of external code that is similar to a part of the users' code (to avoid duplication or re-implementation), grouping similar recommendations for developers to compare and select the one they prefer, and disrecommendation of poor-quality libraries.

The Life and Death of Software Ecosystems

  • R. Kula, G. Robles
  • Computer Science
    Towards Engineering Free/Libre Open Source Software (FLOSS) Ecosystems for Impact and Sustainability
  • 2019
TLDR
This chapter explores two aspects that contribute to a healthy ecosystem, related to the attraction (and detraction) and the death of ecosystems.

The Open Source Definition

Software Diversity for Future Systems Security

TLDR
In this overview article, the main concepts associated with diversity and software redundancy are described in the perspective of improving attack resistance in the field of software security.

Perceptions, Expectations, and Challenges in Defect Prediction

TLDR
A mixed qualitative and quantitative study to investigate how practitioners think and behave, and what they expect, in contrast to research findings when it comes to defect prediction, and identifies reasons why practitioners are reluctant to adopt defect prediction tools.

On the Impact of Micro-Packages: An Empirical Study of the npm JavaScript Ecosystem

TLDR
It is shown that some micro-packages have long dependency chains and incur just as much usage cost as other npm packages, which motivates the need for developers to be aware of how sensitive their third-party dependencies are to critical changes in the software ecosystem.